Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 756280 Details for
Bug 827281
sys-kernel/genkernel-4.2.5: Decrypting crypt_root before crypt_swap will corrupt zfs/zpools
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patches initrd to decrypt swap before decrypting root
initrd-fix-decrypt-swap-before-root.patch (text/plain), 2.79 KB, created by
Daniel Morlock
on 2021-11-25 13:08:37 UTC
(
hide
)
Description:
Patches initrd to decrypt swap before decrypting root
Filename:
MIME Type:
Creator:
Daniel Morlock
Created:
2021-11-25 13:08:37 UTC
Size:
2.79 KB
patch
obsolete
>--- genkernel-4.2.5/defaults/initrd.scripts.orig 2021-11-25 12:36:36.570651030 +0100 >+++ genkernel-4.2.5/defaults/initrd.scripts 2021-11-25 12:37:00.899245974 +0100 >@@ -2320,37 +2320,48 @@ > } > > start_LUKS() { >- # if key is set but neither ssh enabled or key device is given, find >- # the key device > >- [ -n "${CRYPT_ROOT_KEY}" ] && [ -z "${CRYPT_ROOT_KEYDEV}" ] \ >- && sleep 6 && bootstrapKey "ROOT" >+ [ -z "$1" -o "$1" == "root" ] && decrypt_root="1" >+ [ -z "$1" -o "$1" == "swap" ] && decrypt_swap="1" > >- if [ -n "${CRYPT_ROOT}" ] >- then >- openLUKS "root" >- if [ -n "${REAL_ROOT}" ] >- then >- # Rescan volumes >- start_volumes >- else >- REAL_ROOT="/dev/mapper/root" >- fi >- fi >- >- # same for swap, but no need to sleep if root was unencrypted >- [ -n "${CRYPT_SWAP_KEY}" ] && [ -z "${CRYPT_SWAP_KEYDEV}" ] \ >- && { [ -z "${CRYPT_ROOT}" ] && sleep 6; bootstrapKey "SWAP"; } >- >- if [ -n "${CRYPT_SWAP}" ] >- then >- openLUKS "swap" >- if [ -z "${REAL_RESUME}" ] >- then >- # Resume from swap as default >- REAL_RESUME="/dev/mapper/swap" >- fi >- fi >+ # if key is set but neither ssh enabled or key device is given, find >+ # the key device >+ if [ -n "$decrypt_root" ] >+ then >+ >+ [ -n "${CRYPT_ROOT_KEY}" ] && [ -z "${CRYPT_ROOT_KEYDEV}" ] \ >+ && sleep 6 && bootstrapKey "ROOT" >+ >+ if [ -n "${CRYPT_ROOT}" ] >+ then >+ openLUKS "root" >+ if [ -n "${REAL_ROOT}" ] >+ then >+ # Rescan volumes >+ start_volumes >+ else >+ REAL_ROOT="/dev/mapper/root" >+ fi >+ fi >+ >+ fi >+ >+ if [ -n "$decrypt_swap" ] >+ then >+ # same for swap, but no need to sleep if root was unencrypted >+ [ -n "${CRYPT_SWAP_KEY}" ] && [ -z "${CRYPT_SWAP_KEYDEV}" ] \ >+ && { [ -z "${CRYPT_ROOT}" ] && sleep 6; bootstrapKey "SWAP"; } >+ >+ if [ -n "${CRYPT_SWAP}" ] >+ then >+ openLUKS "swap" >+ if [ -z "${REAL_RESUME}" ] >+ then >+ # Resume from swap as default >+ REAL_RESUME="/dev/mapper/swap" >+ fi >+ fi >+ fi > } > > start_sshd() { >--- genkernel-4.2.5/defaults/linuxrc.orig 2021-11-25 12:36:41.360374423 +0100 >+++ genkernel-4.2.5/defaults/linuxrc 2021-11-25 12:37:08.048833029 +0100 >@@ -641,9 +641,13 @@ > # Initialize LUKS root device except for livecd's > if [ "${CDROOT}" != '1' ] > then >- start_LUKS > if [ "${NORESUME}" != '1' ] && [ -n "${REAL_RESUME}" ] > then >+ >+ # Skip decrypting root which invoked start_volumes which will import >+ # zpools that might already be imported in the resumed system. >+ start_LUKS swap >+ > case "${REAL_RESUME}" in > LABEL=*|UUID=*|PARTLABEL=*|PARTUUID=*) > RESUME_DEV="" >@@ -673,6 +677,9 @@ > > do_resume > fi >+ >+ # If resume did not success, properly decrypt root. >+ start_LUKS root > fi > > run mkdir -p "${NEW_ROOT}"
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=756280">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 827281
: 756280
